Package: ecryptfs-utils
Version: 111-4
Severity: important

I have set up the standard home ~/Private directory. It looks like it is confused about which key to use.

For the last few months or so, I get this (key IDs changed but consistent in report):

$ ecryptfs-mount-private
Enter your login passphrase:
Inserted auth tok with sig [aaaaaaaaaaaaaaaa] into the user session keyring
mount: No such file or directory

The kernel reports:

Jul 30 07:43:31 elmo kernel: [225198.624579] Could not find key with description: [bbbbbbbbbbbbbbbb]

And plenty of other messages, all about the second key with ID bbbbbbbbbbbbbbbb

These are the two keys:

$ keyctl list @u
2 keys in keyring:
270246897: --alswrv 1000 1000 user: bbbbbbbbbbbbbbbb
996876983: --alswrv 1000 1000 user: aaaaaaaaaaaaaaaa

The work-around is given below. Note that I overrode the fnek signature on the command line.

$ ecryptfs-unwrap-passphrase .ecryptfs/wrapped-passphrase
Passphrase: (enter your usual passphrase)
PPPPPPPPPPPPPPPP (write down this unwrapped passphrase)

$ sudo ecryptfs-add-passphrase --fnek
Passphrase: (enter the PPPPPPPPPPPPPPPP)
Inserted auth tok with sig [aaaaaaaaaaaaaaaa] into the user session keyring
Inserted auth tok with sig [bbbbbbbbbbbbbbbb] into the user session keyring

$ sudo mount -t ecryptfs /home/username/.Private/ /home/username/Private/
Select key type to use for newly created files:
 1) passphrase
 2) tspi
Selection: 1
Passphrase:
Select cipher:
 1) aes: blocksize = 16; min keysize = 16; max keysize = 32
 2) blowfish: blocksize = 8; min keysize = 16; max keysize = 56
 3) des3_ede: blocksize = 8; min keysize = 24; max keysize = 24
 4) twofish: blocksize = 16; min keysize = 16; max keysize = 32
 5) cast6: blocksize = 16; min keysize = 16; max keysize = 32
 6) cast5: blocksize = 8; min keysize = 5; max keysize = 16
Selection [aes]: 1
Select key bytes:
 1) 16
 2) 32
 3) 24
Selection [16]: 1
Enable plaintext passthrough (y/n) [n]:
Enable filename encryption (y/n) [n]: y
Filename Encryption Key (FNEK) Signature [aaaaaaaaaaaaaaaa]: bbbbbbbbbbbbbbbb
Attempting to mount with the following options:
  ecryptfs_unlink_sigs
  ecryptfs_fnek_sig=bbbbbbbbbbbbbbbb
  ecryptfs_key_bytes=16
  ecryptfs_cipher=aes
  ecryptfs_sig=aaaaaaaaaaaaaaaa
WARNING: Based on the contents of [/root/.ecryptfs/sig-cache.txt], it looks like you have never mounted with this key before. This could mean that you have typed your passphrase wrong.

Would you like to proceed with the mount (yes/no)? : yes
Would you like to append sig [aaaaaaaaaaaaaaaa] to [/root/.ecryptfs/sig-cache.txt] in order to avoid this warning in the future (yes/no)? : no
Not adding sig to user sig cache file; continuing with mount.
Mounted eCryptfs

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-3-amd64 (SMP w/6 CPU cores)
Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8), LANGUAGE=en_AU:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages ecryptfs-utils depends on:
ii  gettext-base    0.19.8.1-2+b1
ii  keyutils        1.5.9-9
ii  libassuan0      2.4.3-2
ii  libc6           2.24-12
ii  libecryptfs1    111-4
ii  libgpg-error0   1.27-3
ii  libgpgme11      1.8.0-3+b3
ii  libkeyutils1    1.5.9-9
ii  libpam-runtime  1.1.8-3.6
ii  libpam0g        1.1.8-3.6
ii  libtspi1        0.3.14+fixed1-1

ecryptfs-utils recommends no packages.

Versions of packages ecryptfs-utils suggests:
pn  cryptsetup  <none>

-- no debconf information
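
Added diagnostic example (not part of the original report and not ecryptfs-utils code): it cross-checks the signatures the kernel failed to find against the signatures the tools reported inserting or that `keyctl list @u` shows. The function names are hypothetical and the sample text is constructed from the message formats quoted in the report, using its placeholder key IDs.

```shell
#!/bin/sh
# Added diagnostic example; function names are hypothetical.

# Read ecryptfs tool output or `keyctl list @u` output on stdin and print
# every 16-hex-digit key signature it shows as present, one per line.
present_sigs() {
    sed -n \
        -e 's/.*Inserted auth tok with sig \[\([0-9a-f]\{16\}\)].*/\1/p' \
        -e 's/^ *[0-9][0-9]*: .* user: \([0-9a-f]\{16\}\) *$/\1/p' | sort -u
}

# Read kernel log lines on stdin and print every signature that eCryptfs
# looked up and could not find.
wanted_sigs() {
    sed -n 's/.*Could not find key with description: \[\([0-9a-f]\{16\}\)].*/\1/p' | sort -u
}

# missing_sigs PRESENT_TEXT KERNEL_LOG
# Print the signatures the kernel asked for that PRESENT_TEXT never shows.
missing_sigs() {
    have=$(printf '%s\n' "$1" | present_sigs)
    printf '%s\n' "$2" | wanted_sigs | while read -r sig; do
        printf '%s\n' "$have" | grep -qx "$sig" || printf '%s\n' "$sig"
    done
}

# Constructed sample input, following the formats quoted in the report.
SAMPLE_MOUNT_OUTPUT='Enter your login passphrase:
Inserted auth tok with sig [aaaaaaaaaaaaaaaa] into the user session keyring
mount: No such file or directory'

SAMPLE_WORKAROUND_OUTPUT='Passphrase:
Inserted auth tok with sig [aaaaaaaaaaaaaaaa] into the user session keyring
Inserted auth tok with sig [bbbbbbbbbbbbbbbb] into the user session keyring'

SAMPLE_KEYCTL_LIST='2 keys in keyring:
270246897: --alswrv  1000  1000 user: bbbbbbbbbbbbbbbb
996876983: --alswrv  1000  1000 user: aaaaaaaaaaaaaaaa'

SAMPLE_KERNEL_LOG='Jul 30 07:43:31 elmo kernel: [225198.624579] Could not find key with description: [bbbbbbbbbbbbbbbb]'

echo "not inserted by ecryptfs-mount-private: $(missing_sigs "$SAMPLE_MOUNT_OUTPUT" "$SAMPLE_KERNEL_LOG")"
echo "not inserted by add-passphrase --fnek: $(missing_sigs "$SAMPLE_WORKAROUND_OUTPUT" "$SAMPLE_KERNEL_LOG")"
```

On a live system the two arguments would be the saved output of `keyctl list @u` (or of the mount helper) and the relevant kernel log lines.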